From a58d229c550d5aedaf3ecbe5e144d647f8a78162 Mon Sep 17 00:00:00 2001 From: Jim Van Fleet Date: Thu, 25 Aug 2016 09:55:56 -0400 Subject: [PATCH 1/2] Cleaning up module installs for style purposes, correct version reflected --- Dockerfile | 9 +++++++-- common.bash | 3 ++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index f9b7934..a63d9c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM bigfleet/centos7base # Define args and set a default value ARG maintainer=tier ARG imagename=shibboleth_sp -ARG version=1.0 +ARG version=2.5.1 MAINTAINER $maintainer LABEL Vendor="Internet2" @@ -16,7 +16,12 @@ LABEL Build docker build --rm --tag $maintainer/$imagename . RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \ http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo \ - && yum -y update && yum -y install shibboleth.x86_64 httpd mod_ssl && yum clean all \ + && yum -y update \ + && yum -y install \ + httpd \ + mod_ssl \ + shibboleth.x86_64 \ + && yum clean all \ && rm /etc/httpd/conf.d/autoindex.conf \ && rm /etc/httpd/conf.d/ssl.conf \ && rm /etc/httpd/conf.d/userdir.conf \ diff --git a/common.bash b/common.bash index 7ffb16a..f9c7275 100644 --- a/common.bash +++ b/common.bash @@ -1,2 +1,3 @@ maintainer="bigfleet" -imagename="shibboleth_sp" \ No newline at end of file +imagename="shibboleth_sp" +version="2.5.1" \ No newline at end of file From 5bcb08e01c57a9436c1b93e804fc03cc2d15e017 Mon Sep 17 00:00:00 2001 
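Review bot: The reformatted `yum -y install` list in the second Dockerfile hunk still installs `shibboleth.x86_64` with no version, so `ARG version=2.5.1` from the first hunk (and `version="2.5.1"` in common.bash) is only a label and can drift from whatever the repository serves at build time. If the value is meant to state the installed SP version, pin the package, for example `shibboleth-${version}.x86_64` (assuming the repository still carries that release), or add a comment saying the value is informational. Separately, the context line above the change fetches the `.repo` file over plain `http://`; that file decides which package source and signing key yum trusts, so it is worth switching to `https://` if the mirror offers it. The RUN instruction starts and continues outside the hunk.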
From: Jim Van Fleet Date: Mon, 12 Sep 2016 14:27:15 -0400 Subject: [PATCH 2/2] Adding sample configuration to all SP configured images --- Dockerfile | 3 ++ conf/attribute-map.xml | 32 +++++++++++++++++ conf/inc-md-cert.pem | 21 +++++++++++ conf/shibboleth_keygen.sh | 75 +++++++++++++++++++++++++++++++++++++++ tests/image.bats | 12 +++++++ 5 files changed, 143 insertions(+) create mode 100644 conf/attribute-map.xml create mode 100644 conf/inc-md-cert.pem create mode 100755 conf/shibboleth_keygen.sh diff --git a/Dockerfile b/Dockerfile index a63d9c5..6914dd8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,6 +28,9 @@ RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \ && rm /etc/httpd/conf.d/welcome.conf COPY httpd-shib-foreground /usr/local/bin/ +COPY conf/attribute-map.xml /opt/etc/shibboleth/attribute-map.xml +COPY conf/inc-md-cert.pem /opt/etc/shibboleth/inc-md-cert.pem +COPY conf/shibboleth_keygen.sh /opt/bin/shibboleth_keygen.sh EXPOSE 80 443 CMD ["httpd-shib-foreground"] \ No newline at end of file diff --git a/conf/attribute-map.xml b/conf/attribute-map.xml new file mode 100644 index 0000000..12c4019 --- /dev/null +++ b/conf/attribute-map.xml @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/inc-md-cert.pem b/conf/inc-md-cert.pem new file mode 100644 index 0000000..5ec4ec6 --- /dev/null +++ b/conf/inc-md-cert.pem 
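Review bot: The three new `COPY` lines place the files under `/opt/etc/shibboleth` and `/opt/bin`, while the existing image test looks for the SP's directory at `/etc/shibboleth`, so nothing visible in this patch makes shibd read the copied `attribute-map.xml` or use `inc-md-cert.pem`. If these are samples for derived images to copy into place, say so with a comment above them, e.g. `# Samples only: not read by shibd until copied into /etc/shibboleth`. If they are meant to be live configuration, the destination presumably needs to be `/etc/shibboleth/`. `/opt/bin` is also unlikely to be on `PATH`, so callers will need the full path to `shibboleth_keygen.sh`.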
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
+IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
+WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
+b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
+g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
+CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
+/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
+TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
+C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
+WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
+Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
+AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
+CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
+GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
+-----END CERTIFICATE-----
diff --git a/conf/shibboleth_keygen.sh b/conf/shibboleth_keygen.sh
new file mode 100755
index 0000000..205792e
--- /dev/null
+++ b/conf/shibboleth_keygen.sh
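Review bot: `conf/inc-md-cert.pem` is added with no record of where the certificate was obtained or what its fingerprint is, so a reviewer cannot tell from the patch that it is the genuine InCommon certificate its file name and test name suggest. If it is used as the trust anchor for federation metadata signatures, which the name implies, a wrong or substituted file would decide whose metadata the SP accepts. Record the source URL and SHA-256 fingerprint in the commit message or in a comment beside the `COPY` in the Dockerfile, and compare it with the value InCommon publishes before merging. The `Includes InCommon cert` test in tests/image.bats only runs `find` on the path, so it passes for any content. Comparing the output of `openssl x509 -noout -fingerprint -sha256 -in /opt/etc/shibboleth/inc-md-cert.pem` with a pinned value (if `openssl` is available in the image) would catch a swapped or corrupted file.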
@@ -0,0 +1,75 @@ +#! /bin/sh + +while getopts h:u:g:o:e:y:bf c + do + case $c in + o) OUT=$OPTARG;; + b) BATCH=1;; + f) FORCE=1;; + h) FQDN=$OPTARG;; + e) ENTITYID=$OPTARG;; + y) YEARS=$OPTARG;; + \?) echo "shibboleth_keygen [-o output directory (default .)] [-h hostname for cert] [-y years to issue cert] [-e entityID to embed in cert]" + exit 1;; + esac + done +if [ -z "$OUT" ] ; then + OUT=. +fi + +if [ -n "$FORCE" ] ; then + rm $OUT/sp-key.pem $OUT/sp-cert.pem +fi + +if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then + if [ -z "$BATCH" ] ; then + echo The files $OUT/sp-key.pem and/or $OUT/sp-cert.pem already exist! + echo Use -f option to force recreation of keypair. + exit 2 + fi + exit 0 +fi + +if [ -z "$FQDN" ] ; then + FQDN=`hostname --fqdn` +fi + +if [ -z "$YEARS" ] ; then + YEARS=10 +fi + +DAYS=`expr $YEARS \* 365` + +if [ -z "$ENTITYID" ] ; then + ALTNAME=DNS:$FQDN +else + ALTNAME=DNS:$FQDN,URI:$ENTITYID +fi + +SSLCNF=$OUT/sp-cert.cnf +cat >$SSLCNF < /dev/null +fi +rm $SSLCNF \ No newline at end of file diff --git a/tests/image.bats b/tests/image.bats index 485b153..11b300e 100644 --- a/tests/image.bats +++ b/tests/image.bats @@ -8,4 +8,16 @@ load ../common @test "Shibboleth root available" { docker run -i $maintainer/$imagename find /etc/shibboleth +} + +@test "Sample attribute map available" { + docker run -i $maintainer/$imagename find /opt/etc/shibboleth/attribute-map.xml +} + +@test "Includes InCommon cert" { + docker run -i $maintainer/$imagename find /opt/etc/shibboleth/inc-md-cert.pem +} + +@test "Includes Shibboleth keygenerator" { + docker run -i $maintainer/$imagename find /opt/bin/shibboleth_keygen.sh } \ No newline at end of file
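Review bot: In conf/shibboleth_keygen.sh the option string `h:u:g:o:e:y:bf` still accepts `-u` and `-g`, but the `case` has no arm for either, so a caller who passes them expecting the generated key to be handed to a specific user or group gets no error and no ownership change. Either drop them, `while getopts h:o:e:y:bf c`, or handle them and apply the ownership to `sp-key.pem` after generation. `$OUT` is also expanded unquoted in `rm` and in the `[ -s ... ]` test, and the `-f` path prints an error when the files do not exist yet; `rm -f "$OUT/sp-key.pem" "$OUT/sp-cert.pem"` covers both. The heredoc body and the key-generation command are not legible in this rendering of the patch, so the permissions set on the private key could not be checked here.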